WASHINGTON-The Treasury Department recently issued official guidelines delaying the statutory October 25 compliance date with the USA PATRIOT Act Section 326 and proposed rules by federal financial institutions regulators. CUNA and NAFCU supported the PATRIOT Act's passage but have worked toward delaying the compliance date in their comment letters and discussions with officials. Treasury explained that the comments received by credit unions and other financial services providers "revealed substantial issues" that the Treasury Department and regulators are analyzing in drafting the final rules. Treasury said the final rules will provide "a reasonable amount of time" for compliance, but reminded financial institutions that they are still required to comply with existing obligations and should be preparing for basic steps toward compliance with the new regs. Treasury is still considering further guidance on other provisions in the law with October deadlines. CUNA President and CEO Dan Mica responded to the announcement with a letter to Treasury Secretary Paul O'Neill stating, "We feel Treasury has responded in a very appropriate manner and commend you for your leadership in this matter. We continue to advocate that financial institutions be given sufficient time, which we believe is at least six months, to meet their responsibilities under the final rule." CUNA Associate General Counsel Mary Dunn commented that the department is not so much overstepping the law than sidestepping it. In a proverbial splitting of hairs, Treasury plans to have the regulation out by the October 25 effective date, but actual enforcement of it will be delayed, though the department has not set a specific time frame. Dunn said that regulators are "within their bounds" to "wait for a reasonable time" before enforcing the law. "We may go up to the wire in terms of seeing a final rule, but we're going to hold Treasury to its promise to provide extra time," she added. NAFCU Regulatory Compliance Counsel Eric Envall said that he expects a rule out by the end of the month, but possibly not by the 25th deadline. "My impression is [Treasury] is as much interested in giving themselves leeway as they are in giving financial institutions leeway," Envall commented. The main reason for delaying enforcement is the fact that a final regulation still has not been issued just days before the statutory compliance date. Section 326 of the PATRIOT Act requires financial institutions to verify the identity of accountholders, store the documents used to verify identity for five years, and ensure they are not included on terrorist lists compiled by the federal government, among other things. Section 314 provides for information sharing practices between the private and public sectors, but is not covered by this latest guidance. Some definite problems exist with the current proposal, according to CUNA General Counsel Eric Richard. "There are quite a few technical problems with the statute and what people will have to do to comply with it and some of them are theoretical and some of them are real. It's up to the Treasury Department to help people understand which is which," he said. One of the practical problems is that there is no single compilation of government lists of terrorists and it is unclear which lists need to be checked by credit unions and other financial institutions. He added that CUNA has recommended centralization of this information. Theoretically, on the other hand, when someone cashes a check, the credit unions would have to check the identities of all the parties to that transaction. Richard said that CUNA is hearing from several sources that this is "impossible as a practical matter." He said he is confident these problems will be worked out, but that this is another reason why the deadline was unrealistic. Envall added that another problem in the proposal was the storage requirements. Financial institutions under the proposal would have to store all the documents used to verify consumers' information for five years after the account is closed. He pointed out, "Even storing the documents electronically can be costly and time consuming." NAFCU is pushing that documents be stored five years after the opening of the account. Overall, Envall said he does not expect the new regs to be a "lingering problem" and if credit unions have been vigilant in their previous practices, like storing documentation already, it should not be a big adjustment at all. Compliance comes in all sizes. "I think the smaller the credit union, the harder it is," Richard said. Larger credit unions have an advantage because they are more likely to be able to purchase software packages on the market now that "comport to help you comply." He added that there has not been a great deal of independent analysis of the software, but CUNA is considering whether it has the capabilities to perform its own evaluations. "If you're not big enough to buy software and install it, then your problem is that much more complicated. I think it's a tough situation because everybody really wants to make their contribution to fighting the war on terrorism," CUNA's Richard said. "I think it's probably the nightmare of every credit union employee in the country that they'll be the one who cashes the check or facilitates the opening of the account that turns out to be a key of some horrible incident but at the same time, people are human and there are some real constraints out there. People will feel their way through this and a realistic way to comply will be arrived at but it's going to take a little bit of time." Punishments for noncompliance can be stiff both in civil and criminal arenas, Dunn explained. Fines for willful violations can reach as high as $250,000 against the institution, which can be smacked with another $500,000 if it is determined to have no anti-money laundering prevention policies and procedures in place or if there is a pattern of crime. "It's serious. And what's more serious perhaps than the civil and criminal penalties, perhaps, is the negative publicity you could get, but within the credit union, how your board might react or how NCUA might react to a violation. I think from a credit union CEO's standpoint, your own board of directors is always the thing you worry about most. Who wants to have to go to their board and say `Ladies and gentleman, I'm really sorry, but we just violated the USA PATRIOT Act and the Treasury Department is on our backs'? That would not be a good board meeting." Technically, there are no tiers of punishment for infractions, but "prosecutorial discretion" should be used, Richard said. For example, he explained, a $2 million credit union found to be in violation should be treated differently by prosecutors than a $3 billion bank. Additionally, Envall said the law indicates that policies and procedures are expected to be tailored to the risks involved at a particular type of institution. Since all financial service providers must comply, privately insured credit unions and other non-federally insured institutions, like check cashers, fall under the authority of the Financial Crimes Enforcement Network (FinCEN). Dunn also remarked that she did not expect backlash from the Congress, because financial institutions are not trying to evade their responsibilities under the law but are concerned about the practicalities of compliance. She added that Treasury probably conferred with Congress in delay. Both trade organizations are working to gear up their members on what will be required of them. NAFCU is devoting an entire day of its Compliance School, with 100 attendees expected, to the USA PATRIOT Act. Envall will teach sessions, as well as staff from FinCEN and the Office of Foreign Asset Control, according to NAFCU Associate Director of Education Ron Goode. CUNA and NAFCU both have held audioconferences on the subject and plan possibly to hold another after the final regulations are released. Richard pointed out that CUNA's audio conference drew a record 475 callers and 75 people ordered tapes afterward. Both groups plan to outline what credit unions should be considering in putting together their policies and procedures and linking members together to share their experiences and policies. CUNA plans to provide members with this information through its E-Guide. CUNA will also publish a guidebook on policies and procedures, including employee training and other aspects. [email protected]